Okta has confirmed that they were hacked by LAPSUS$ ransomware group.
LAPSUS$ ransomware posted screenshots which they claimed were of Okta’s internal company environment yesterday. Today, the authentication services provider has updated a blog post confirming the breach:
“After a thorough analysis of these claims, we have concluded that a small percentage of customers — approximately 2.5% — have potentially been impacted and whose data may have been viewed or acted upon. We have identified those customers and are contacting them directly,” Okta CSO David Bradbury said.
2.5% equates to 375 of Okta’s customers.
“If you are an Okta customer and were impacted, we have already reached out directly by email,” Bradbury continued.
It’s believed that the incident took place in January 2022.
Investigation into the incident suggests that the shared screenshots were sourced from a support engineer’s laptop.